惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
Cisco Blogs
爱范儿
爱范儿
有赞技术团队
有赞技术团队
博客园 - 【当耐特】
Jina AI
Jina AI
Project Zero
Project Zero
宝玉的分享
宝玉的分享
Martin Fowler
Martin Fowler
WordPress大学
WordPress大学
Simon Willison's Weblog
Simon Willison's Weblog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
T
Tenable Blog
F
Fortinet All Blogs
大猫的无限游戏
大猫的无限游戏
Last Week in AI
Last Week in AI
月光博客
月光博客
雷峰网
雷峰网
G
Google Developers Blog
V
V2EX
T
Tor Project blog
罗磊的独立博客
Schneier on Security
Schneier on Security
Know Your Adversary
Know Your Adversary
W
WeLiveSecurity
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
P
Privacy International News Feed
S
Securelist
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
P
Proofpoint News Feed
Blog — PlanetScale
Blog — PlanetScale
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
小众软件
小众软件
Scott Helme
Scott Helme
I
Intezer
T
Threat Research - Cisco Blogs
The GitHub Blog
The GitHub Blog
N
Netflix TechBlog - Medium
C
CERT Recently Published Vulnerability Notes
Security Archives - TechRepublic
Security Archives - TechRepublic
酷 壳 – CoolShell
酷 壳 – CoolShell
L
LINUX DO - 最新话题
N
News | PayPal Newsroom
L
Lohrmann on Cybersecurity
T
Troy Hunt's Blog
Google DeepMind News
Google DeepMind News
P
Proofpoint News Feed
人人都是产品经理
人人都是产品经理
Latest news
Latest news
AWS News Blog
AWS News Blog
Apple Machine Learning Research
Apple Machine Learning Research

Hacker News: Show HN

PurrrrrFocus: Pomodoro Timer App - App Store Workflow Engine — Multi-Step Orchestration for Bun RapidPhoto: Pro Photo Editor App - App Store GitHub - DheerG/swarms: Achieve extraordinary results with claude code across a variety of tasks SPICE simulation → oscilloscope → verification with Claude Code — Lucas Gerads Show HN: VCoding – A 5 MB native Windows IDE with no dynamic dependencies Show HN: LLMs don't hallucinate because they're bad at math, it's the format GitHub - Agent-FM/agentfm-core: AgentFM is a peer-to-peer network that turns everyday computers into a decentralized AI supercomputer. AgentFM lets you run massive AI workloads directly across a global mesh of idle CPUs and GPUs. Show HN: Tracking Top US Science Olympiad Alumni over Last 25 Years GitHub - Potarix/agent-hub: One place to talk to all your agents Show HN: Runtime security for AI agents(injection,tool abuse, data exfiltration) GitHub - dubeyKartikay/lazyspotify: Terminal Spotify client for macOS and Linux GitHub - the-banana-tool/king-louie: Easy to use GUI Personal AI Assistant. Win/Linux/Mac. Show HN I made my vacation rental bookable by AI agents–no Airbnb, 0% commission GitHub - basteez/jsf-autoreload: maven plugin to enable hot reload on jsf projects uvm32/hosts/host-gdbstub at main · ringtailsoftware/uvm32 GitHub - labsai/EDDI: Config-driven engine that turns JSON into production-grade AI agents. Multi-agent orchestration, 12+ LLM providers, MCP/A2A protocols, RAG, persistent memory, and enterprise compliance (EU AI Act, GDPR, HIPAA). Built on Quarkus. GitHub - glitchnsec/fortyone-oss: AI Executive Assistant Platform Quickstart | Alien GitHub - muxshed/shed: One stream in, or many. Every destination, simultaneously. No cloud middleman, no per-channel fees, no limits. GitHub - ocrbase-hq/ocrbase: 📄 PDF/IMG ->.MD/JSON Document OCR API for PaddleOCR and GLMOCR. Self-hostable. GitHub - impactjo/home-memory: MCP server that lets your AI assistant remember everything about your home. GitHub - Sets88/dbcls: DbCls is a powerful terminal database client that supports various databases GitHub - neptun2000/heor-agent-mcp GitHub - SeanFDZ/macmind: Single-layer transformer in HyperTalk for the classic Macintosh RollQuation: Math Puzzles - Apps on Google Play GitHub - dropbox/witchcraft Show HN: Agent-cache – Multi-tier LLM/tool/session caching for Valkey and Redis GitHub - opentalon/opentalon: OpenTalon is an open-source platform built from the ground up in Go as a robust alternative to OpenClaw LinkedIn™ 职位抓取工具 - Chrome 应用商店 GitHub - EdoardoBambini/Agent-Armor-Iaga: AI agents are getting tool access — shell, file system, databases, APIs, secrets. But **nobody is governing what they actually do with it**. Frameworks like LangChain, CrewAI, AutoGen, and Claude Code give agents the power to execute. Agent Armor gives you the power to control, audit, and approve every single action before it happens. HN Vibes — Week 15, Apr 7–13 2026 GitHub - chojs23/ec: Easy terminal-native 3-way git mergetool vim-like workflow GitHub - SethPyle376/hiraeth: Local AWS emulator focused on fast integration testing, with SQS support, SQLite-backed state, and a debug-friendly web UI. GitHub - JakOb-dotcom/cloud-sandbox-security-analysis: Technical analysis and Proof of Concept (PoC) regarding environment variable exfiltration in containerized cloud sandboxes via side-channel data leaks. Springboards - Flint Alpha Show HN: A simpler coding agent harness GitHub - audiodude/sudomake-friends GitHub - 256thFission/mini-mythos: OSS clone of Anthropic’s Mythos harness to locate C/C++ memory vulnerabilities Show HN: OpenParallax: OS-level privilege separation for AI agent execution Hacker News Sorted - Chrome 应用商店 Show HN: How to Install Docker on Ubuntu 24.04 LTS: Complete 2026 Guide GitHub - himanshudongre/smriti GitHub - sverrirsig/claude-control: macOS desktop dashboard for monitoring and managing multiple Claude Code sessions GitHub - ory/dockertest: Write better integration tests! Dockertest helps you boot up ephermal docker images for your Go tests with minimal work. Chiral - Chrome 应用商店 Show HN: Two Claudes collaborating through shared memory on a $100 mini-PC GitHub - pmichaillat/latex-cv: Minimalist LaTeX template for academic CVs GitHub - oguzbilgic/posse: A web UI for Anthropic Managed Agents. GitHub - sshiraz/depsly: Dependency risk analysis tool for npm packages ABI Add safari/agent-harness — Safari browser automation via safari-mcp by achiya-automation · Pull Request #212 · HKUDS/CLI-Anything GitHub - Halfblood-Prince/trustcheck: Verify PyPI package attestations and improve Python supply-chain security GitHub - oguzbilgic/kern-ai: Agents that do the work and show it. GitHub - bruits/satteri: High-performance Markdown and MDX processing for the JavaScript ecosystem GitHub - tylergibbs1/feedstock: High-performance web crawler and scraper for TypeScript, powered by Bun and Playwright GitHub - Grimm67123/grimmbot: The self-improving sandboxed and open-source AI agent. With persistent memory and scheduling. GitHub - whitevanillaskies/whitebloom: Local whiteboard that blooms. GitHub - hwdsl2/docker-whisper: Docker image for a self-hosted Whisper speech-to-text server with speaker diarization and OpenAI-compatible transcription and translation APIs. Powered by faster-whisper. Supports all Whisper models, NVIDIA GPU (CUDA) acceleration, JSON/SRT/VTT output, SSE streaming, offline mode, and multi-arch (amd64, arm64). GitHub - yisding/reviewwiggum GitHub - MarwanAlsoltany/serrors: Structured errors for Go: sentinel hierarchies, typed data, custom formatting, and slog integration. GitHub - soatok/age-php GitHub - Luthiraa/markitme GitHub - stagas/rtdiff: realtime git diff gui and AI-assisted commits GitHub - tombedor/excalicharts GitHub - wh1le/excalidraw-edit: Open and edit .excalidraw files from the terminal. Offline, auto-saves to disk. MalExt Sentry - Malicious Extension Scanner - Chrome 应用商店 GitHub - syi0808/asciianimesvg: Generate animated ASCII art SVGs from text. CLI, Rust library, WASM, and web editor. GitHub - zaina-ml/ml_forge: A visual-based graph node editor for training computer vision models. GitHub - anakin87/llm-rl-environments-lil-course: 🌱 A little course on Reinforcement Learning Environments for evaluating and training Language Models GitHub - takaakit/superpowers-uml: Superpowers-UML modifies Superpowers to ensure a software development workflow in which AI agents design through UML modeling. AdriByte Studio - Sviluppo Web e Soluzioni Digitali GitHub - chouligi/angel-copilot: Your personalized Angel Investment Advisor Show HN: MoodSense AI (ML and FastAPI and Gradio, Deployed on Hugging Face) Moodsense Ai - a Hugging Face Space by aman179102 GitHub - agenteractai/lodmem: Level Of Detail Context Management for Agents GitHub - ostefani/subnetlens: A fast, concurrent network scanner with a TUI and plain-text CLI, built in Go. It discovers live hosts on your network, scans their open ports, resolves hostnames, and fingerprints operating systems—delivered. Cyber Pulse: Agentic Intel - Apps on Google Play Whisper API: Self-Hostable Speech to Text Transcription The Agent-Web Protocol Stack: A Research Thesis GitHub - msmarkgu/RelayFreeLLM: A restful API designed to route user prompts to various AI model providers. Show HN: Provepy – A Python decorator that proves your code using Lean and LLMs Show HN: Pardonned.com – A searchable database of US Pardons GitHub - patrickdappollonio/dux: Dux is a terminal UI that lets you run multiple AI coding agents side by side, each in its own git worktree, with full companion terminals, macros, commit generation, and a command palette that knows more tricks than you do. kMC Crystal Simulator Show HN: HyperFlow – A self-improving agent framework built on LangGraph GitHub - stef41/vibescore: 🎵 Grade your vibe-coded project. One command, instant letter grade across security, quality, dependencies, and testing. GitHub - stef41/lmscan: 🔍 Detect AI-generated text and fingerprint which LLM wrote it. Open-source GPTZero alternative. Zero dependencies, works offline. imgur.com GitHub - visionscaper/collabmem: Enabling long-term collaboration with Agentic AI - building up episodic and world model memory over time with in-context awareness 在 Steam 上购买 FriedrichAI: Offline AI 立省 10% GitHub - atripati/ark: AI Runtime Kernel — a context operating system for AI agents. Eliminates tool bloat, loads only what’s needed, and gives LLMs their reasoning space back. GitHub - nowork-studio/toprank: Open-source Claude Code skills for SEO, SEM, Google Ads GitHub - tacomanator/sash: Lightweight macOS menu bar app for reliably cycling through windows of the current application. Appents | Social Media Management for Product-First Teams GitHub - pnhoang/youtube-spam-blocker: Automatically detects and hides spam messages in YouTube Live chat. Set rate limits, keyword filters, and block repeat offenders. GitHub - decisionnode/DecisionNode: CLI + Local MCP - A shared structured memory store across Claude Code, Cursor, Windsurf, Antigravity, and every MCP client. Semantically queryable. GitHub - AvaCodeSolutions/django-email-learning: An open source Django app for creating email-based learning platforms with IMAP integration and React frontend components. The $100K Gap in Kubernetes Security Tooling Function Calling Harness: From 6.75% to 100%
GitHub - datalocaltmp/Peepo: watchOS kernel R/W + live process memory dumping on Apple Watch Series 4 (watchOS 10.6.2 - latest). Named after the children's book Peepo!
datalocaltmp · 2026-06-24 · via Hacker News: Show HN

Here's a little baby - One, two, three - Sits in her high chair - What does she see? PEEPO!

Named after the children's book Peepo!. App artwork done by my niece H. McLaren.

⚠️ Read Compatibility before running. Confirmed on the Apple Watch Series 4 (Watch4,1) on watchOS 10.6.1 and 10.6.2 (the latest); the Series 5 and SE 1st gen share the same T8006 kernel and should work too. On any unsupported model or watchOS version it will panic/reboot the device - the exploit and offsets are hardcoded to the xnu-10063.144.1 kernel build, so confirm yours is in the matrix first.

Peepo exploits the darksword kernel bug to gain arbitrary kernel read/write on an Apple Watch Series 4 (Watch4,1 / T8006 / watchOS 10.6.1 or 10.6.2 / xnu-10063.144.1, arm64_32 userland), then uses that primitive to enumerate live processes and dump another process's memory to the app container - viewable on-watch or pullable to a host.

Peepo / DATASWORD demo


Table of contents

  • Compatibility
  • What it does
  • Setup (run it on your own watch)
  • On-watch UI
  • Pulling dumps off the watch ← file extraction
  • Dump file format & MachO extraction
  • How it works
  • Key offsets & constants
  • Build & deploy
  • Source map

Compatibility

Support is tied to the T8006 kernel build (xnu-10063.144.1, kernel UUID 00DD9EAB-9ABB-345E-B9AA-3E1F40538764), not the device alone. watchOS 10.6.1 and 10.6.2 ship that byte-identical kernel, and 10.6.2 is the final watchOS for every device below - so a fully-updated supported watch is covered.

Device SoC watchOS Status
Series 4 (Watch4,1) T8006 10.6.1 Confirmed on-device - primary target
Series 4 (Watch4,1) T8006 10.6.2 Confirmed on-device
Series 5 (Watch5,1-5,4) T8006 10.6.1 / 10.6.2 🟡 Should work - same kernel build & struct offsets (untested on hardware)
SE 1st gen (Watch5,9-5,12) T8006 10.6.1 / 10.6.2 🟡 Should work - ships the identical kernelcache to Series 5 (untested on hardware)

Why Series 5 / SE 1st gen should work: all three are the same T8006 chip. The Series 5 and SE-1st-gen kernelcaches are byte-identical to each other, and their kernel is the same build as Series 4 (identical UUID ⇒ identical struct offsets)

  • just relocated into a different kernelcache, which doesn't change the offsets Peepo hardcodes. The one unverified risk on those models is the dumper's hardcoded readable-physmap window (depends on the device's physical DRAM layout); the kernel R/W exploit and process enumeration should be unaffected. SE 2nd gen is a different SoC (S8/T8301) and will not work - don't confuse the two.

What it does

DATASWORD ──► darksword_run()  ──►  "=== WIN ==="  (kernel R/W + base/slide)
                                         │
                                         ▼
                                  PROCESS DUMP screen
                                         │
                  ┌──────────────────────┼───────────────────────┐
                  ▼                       ▼                        ▼
          peepo_list_processes    tap a process →          VIEW HEX (on-watch
          (kernel proc walk)      peepo_dump_process()     xxd of the dump)
                                  → <name>_<pid>.bin

Confirmed working: full kernel R/W, ~276-process enumeration, and complete memory dumps of live processes.


Setup (run it on your own watch)

This targets the T8006 watches (Series 4 confirmed; Series 5 / SE 1st gen expected) on watchOS 10.6.1 or 10.6.2 - see Compatibility for the matrix and confidence levels. Both builds ship the identical kernel, so the offsets work on either. On an unsupported model or OS version the hardcoded offsets are wrong and it will panic and reboot rather than fail cleanly. watchOS is OTA-only, but since 10.6.2 is the latest and works, a supported watch on an older build can simply update to 10.6.2.

0. Check compatibility first

On the watch: Settings → General → About - confirm your Model is in the Compatibility matrix (Watch4,1 is confirmed; Watch5,x is expected) and watchOS Version = 10.6.1 or 10.6.2. If the model isn't listed, stop here; if you're on an older watchOS, update to 10.6.2 first.

1. Prerequisites

  • A Mac with Xcode (the watchOS SDK + devicectl).
  • An Apple Developer account signed into Xcode. A free "Personal Team" works for running on your own watch (see Signing & account notes).
  • An iPhone paired to the watch, both with Developer Mode enabled (Settings → Privacy & Security → Developer Mode), and the watch trusted by Xcode for development.

2. Make it yours

The committed project is intentionally teamless - set signing to your own account. Open Peepo.xcodeproj in Xcode and, for both the app and the Watch App target (Signing & Capabilities):

  1. Signing Team - select your team; let Xcode manage signing automatically.
  2. Bundle identifier - change com.datalocaltmp.Peepo* to your own if Xcode can't register the existing one under your team (e.g. com.<you>.Peepo).
  3. HealthKit (Workout Processing) - leave this capability enabled. The app starts a HealthKit workout session purely to stay alive (avoid suspension) during the run, and WKBackgroundModes = workout-processing depends on it.

Then grab your watch's UDID for the command line:

xcrun devicectl list devices         # copy your watch's identifier

Use it wherever the docs say DEV=… (the repo's value is a placeholder).

3. Signing & account notes

  • A free account is enough. A free "Personal Team" (just an Apple ID added in Xcode → Settings → Accounts) can sign and run this on your own watch, HealthKit included - this project was built/run on one.
  • If signing fails on the HealthKit entitlement (rare, account-dependent): as a fallback you can strip WorkoutManager, the com.apple.developer.healthkit entitlement, and the workout-processing background mode - the app then runs without HealthKit but may get suspended mid-run.
  • Find your Team ID (for the CLI DEVELOPMENT_TEAM=…): Xcode → Settings → Accounts → your team → 10-char ID, or run security find-identity -v.

4. Build, install, run

See Build & deploy for exact commands. In short: build, devicectl … install, launch, tap DATASWORD, wait for === WIN ===.

5. Expect reboots

The R/W primitive is one-shot per launch, and force-quitting or reinstalling the app usually panics + reboots the watch - that's normal here; it recovers. Dumping an incompatible page also panics. None of this is persistent.


On-watch UI

Home screen

  • DATASWORD - runs the exploit; streams a live console; ends at === WIN ===.
  • 📄 list dumps - lists every *.bin dump in the app container with sizes.
  • 🗑 delete dumps - deletes all *.bin files to free space (incl. kc.bin).

After WIN (PROCESS DUMP screen)

  • Console of the exploit log, with a floating PROCESS DUMP button.
  • Tapping it opens the process list (name-only rows). Tap a process to dump it → <name>_<pid>.bin in the app's Documents/.
  • After a dump, VIEW HEX ▸ appears - an on-watch xxd view (offset · hex · ASCII, first 64 KB) with an to close. No host needed.

Pulling dumps off the watch

Dumps are written to the app's Documents container. Use Apple's devicectl (ships with Xcode). Two constants:

DEV=<YOUR-WATCH-UDID>          # the Apple Watch (devicectl list devices)
BUNDLE=com.datalocaltmp.Peepo.watchkitapp         # the app's bundle id

1. List what's in the container

xcrun devicectl device info files \
  --device "$DEV" \
  --domain-type appDataContainer \
  --domain-identifier "$BUNDLE" \
  --subdirectory Documents

Example output:

Name                       Size       Modification date
LegacyProfilesSu_325.bin   236.9 MB   ...
MTLCompilerServi_248.bin   250.5 MB   ...
kc.bin                     41.3 MB    ...   # kernelcache dump (if taken)
dumpdbg.log                10 KB      ...   # only present when DUMP_DEBUG=1

⚠️ This listing times out while the app is actively running (darksword holds kernel R/W and starves the file service over the tunnel). Run it when the app is not running - e.g. right after a reboot, or before relaunching. Single-file copies (below) work even while the app runs.

2. Pull a file

xcrun devicectl device copy from \
  --device "$DEV" \
  --domain-type appDataContainer \
  --domain-identifier "$BUNDLE" \
  --source Documents/LegacyProfilesSu_325.bin \
  --destination ./LegacyProfilesSu_325.bin

3. Pull the whole Documents directory

mkdir -p ./peepo_docs
xcrun devicectl device copy from --device "$DEV" \
  --domain-type appDataContainer --domain-identifier "$BUNDLE" \
  --source Documents --destination ./peepo_docs

(Same caveat: do it while the app isn't running, or it may time out.)

File naming

Dump files are named <last-16-chars-of-process-name>_<pid>.bin (non-alnum chars → _). The process name (not the truncated display) drives the filename, and pids change every boot, so always list first rather than guessing. Other files you may see:

File What When
<name>_<pid>.bin a process memory dump after PROCESS DUMP
kc.bin live kernelcache dump if the (currently hidden) DUMP KERNEL path is used
dumpdbg.log durable, panic-surviving step/PT-walk trace only when DUMP_DEBUG=1

Dump file format & MachO extraction

A .bin dump is a flat sequence of fixed records, one per mapped 16 KB page (unmapped/un-resident pages are skipped):

record = [ u64 little-endian virtual address ][ 16384 bytes of page data ]
record size = 8 + 0x4000 = 16392 bytes

Only resident pages are captured (demand-paged code that was never executed translates to PA 0 and is skipped), and only pages inside the readable physmap window are read. The dump is capped at 1 GB per process.

Because VAs are preserved, you can recover MachO images (the main executable and resident dyld-shared-cache slices) by scanning for the mach header magic. Quick host-side parser/extractor:

import struct, sys

REC = 8 + 0x4000
data = open(sys.argv[1], "rb").read()
n = len(data) // REC
print(f"{len(data)} bytes, {n} pages")

for i in range(n):
    off = i * REC
    va  = struct.unpack_from("<Q", data, off)[0]
    page = data[off+8 : off+8+0x4000]
    if page[:4] in (b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe"):  # MH_MAGIC_64 / FAT
        print(f"  MachO @ va {va:#x}")
        # carve: open(f"img_{va:x}.bin","wb").write(<contiguous pages from va>)

(cf fa ed fe = little-endian MH_MAGIC_64.) On-watch, the same data is viewable directly via VIEW HEX without pulling anything.


How it works

1. darksword - kernel R/W

A physical-use-after-free (PUAF) attack that races pwritev()'s copy against a mach_vm_map(… OVERWRITE …) page remap.

  • pcObject is allocated from PurpleGfxMem (GPU device memory) via IOSurfaceCreate({IOSurfaceMemoryRegion: "PurpleGfxMem"}). These pages are device memory, not managed DRAM, so the kernel's physical-copy path does not trip the pmap_map_cpu_windows_copy_internal: attempted to map a managed page panic (guarded by pa_valid()). This was the key watch-port fix.
  • free_thread remaps pcAddress with one atomic mach_vm_map(VM_FLAGS_FIXED | VM_FLAGS_OVERWRITE, …).
  • "Race landed" = pwritev returns -1 (EFAULT) plus a randomMarker sentinel mismatch: search pages are pre-filled with randomMarker; a page reclaimed by the kernel as a socket inpcb reads back kernel data instead.
  • pe_v1 sprays ~22k ICMPv6 sockets to reclaim freed pages, finds an inpcb of ours, and corrupts its in6p_icmp6filt pointer → a 0x20-byte arbitrary kernel R/W via get/setsockopt(ICMP6_FILTER) (early_kread64/early_kwrite).

Base + slide: controlSocketPcb → socket → so_proto → pr_input leaks a PAC-signed kernel text pointer. The watch's __xpaci is a no-op, so strip explicitly - the PAC sits in the top 32 bits, real text is the low 32: textPtr = (raw & 0xffffffff) | (protoPtr & 0xffffffff00000000). Scan down 16 KB pages for the MH_FILESET mach header → kernel_base; kernel_slide = kernel_base - 0xfffffff007004000.

STEP 6 bumps both sockets' so_count ("leak forever") so the R/W stays valid for the inspection code after the run.

2. Process enumeration

Userland enumeration is sandbox-blocked, so we walk the kernel proc list.

The anchor is obtained offset-free via leak_current_proc(): spray ~10-20k kqueue() fds (each kqfile stores kq_p = current_proc), read the reclaimed pages back through the physical-read race while free_thread is alive, and take the kernel pointer that repeats across the page. From current_proc, walk proc.p_list both directions; the proc-name field offset is self-calibrated at runtime by searching the struct for our own executable name.

3. Process memory dump

peepo_dump_process(proc, name) walks proc → task → vm_map → pmap, then for each vm_map entry translates every 16 KB page and writes it out.

  • task = proc + 0x740; map = strip(*(task+0x28)); pmap = strip(*(map+0x40)) (vm_map->pmap is PAC-signed, data key A, discriminator 0x250c).
  • 3-level 16 KB page-table walk (39-bit user VA): L1 (8-entry root) → L2 (2048) → L3 (2048): l1i=(va>>36)&7, l2i=(va>>25)&0x7ff, l3i=(va>>14)&0x7ff.
  • Physmap slide is global: derived from our own validated process's pmap (physmap_off = tte - ttep), not the target's (a target's ttep can be inconsistent). physmap_kva = pa + physmap_off.
  • PAC strip forces bit 39: (v & 0x7fffffffff) | 0xffffff8000000000 - the central bug that, when missing, mangled every signed pointer.

The carveout gate. early_kread is fault-unsafe - reading a physical page not covered by the physmap panics (reboots the watch). Live traces showed the low DRAM carveout (iBoot/SEP/TZ, 0x8_00000000 .. gPhysBase) is not in the physmap: pages at 0x801…/0x802… panic, while gPhysBase ≤ 0x8_06e68cc0 reads fine. So the dumper gates reads to a safe window [0x8_07000000, 0x8_40000000) and skips anything outside it. (TODO: read the kernel's exact gPhysBase/gPhysSize to close the small gap below the gate.)

Panicking runs are diagnosable only with DUMP_DEBUG=1, which mirrors every step to dumpdbg.log using F_FULLFSYNC (plain fsync does not survive a kernel panic on this device - the FS cache is effectively volatile across a panic).


Key offsets & constants (watchOS 10.6.1 / 10.6.2 / T8006)

Thing Value Notes
unslid kernel base 0xfffffff007004000 for kernel_slide
proc.p_list.le_next / le_prev +0x0 / +0x8 proc list walk
proc.p_pid +0x60
proc → task gap (proc_struct_size) 0x740 validated on this build (kfd's 0x778 was wrong here)
task->map +0x28
vm_map->pmap +0x40 PAC-signed (data key A, disc 0x250c)
pmap->tte / pmap->ttep +0x0 / +0x8 virtual / physical root TT
proc name field self-calibrated (gNameOff) searches struct for exe name
PAGE_SIZE 0x4000 (16 KB) DS_PAGE_SHIFT = 14
readable physmap window [0x807000000, 0x840000000) DRAM minus low carveout
dump cap 1 GB / process

All offsets were validated against the live kernel (the on-device kernelcache is the source of truth for this build, not a generic reference). A kernelcache dump (kc.bin) can be taken for cross-checking with blacktop/ipsw.


Build & deploy

watchOS app, target/scheme Peepo Watch App, builds for arm64_32.

The committed project has no signing team (scrubbed). Either open it in Xcode once and pick your team under Signing & Capabilities, or pass your Team ID on the command line (xcrun devicectl list devices gives your watch UDID; your Team ID is in Xcode → Settings → Accounts, or security find-identity -v).

DEV=<YOUR-WATCH-UDID>
TEAM=<YOUR-TEAM-ID>
BUNDLE=com.datalocaltmp.Peepo.watchkitapp
APP="$HOME/Library/Developer/Xcode/DerivedData/Peepo-*/Build/Products/Debug-watchos/Peepo Watch App.app"

xcodebuild -scheme "Peepo Watch App" -destination "generic/platform=watchOS" \
  DEVELOPMENT_TEAM="$TEAM" build
xcrun devicectl device install app --device "$DEV" $APP
xcrun devicectl device process launch --device "$DEV" "$BUNDLE"

Conventions / gotchas:

  • Rotate buildTag (4-char hex in ContentView.swift) before every redeploy so the running build is visually confirmable on-watch.
  • Force-quit Peepo before reinstalling. While the app runs it holds kernel R/W; install then times out (NSPOSIXErrorDomain 60 / IXRemoteErrorDomain 6). Force-quitting (or any reinstall) usually panics + reboots the watch - that's expected; it recovers.
  • The R/W primitive is one-shot per app launch (no persistence).
  • DUMP_DEBUG (in darksword.m) defaults to 0 (lean dumps). Set to 1 to get the durable dumpdbg.log panic trace back while debugging.

Troubleshooting

Symptom Cause / fix
Signing for "…" requires a development team No team set. Pick yours in Xcode → Signing & Capabilities, or pass DEVELOPMENT_TEAM=<id> to xcodebuild.
Build fails on the HealthKit entitlement Rare/account-dependent - see the fallback (strip HealthKit) in Signing & account notes.
install times out (NSPOSIXErrorDomain 60 / IXRemoteErrorDomain 6) The app is running and holding kernel R/W. Force-quit Peepo on the watch, then reinstall.
Watch panics/reboots on launch or on a dump Almost always the wrong device/OS (must be a T8006 watch @ 10.6.1 or 10.6.2 - see Compatibility), or a dump hit memory outside the readable physmap. Expected; it recovers.
devicectl device info files (listing dumps) times out The app is running. List after a reboot / before relaunching; single-file copy from still works while running.
App quietly dies mid-run Workout session didn't keep it alive - confirm the HealthKit/Workout capability is enabled and granted.

Source map

File Role
Peepo Watch App/darksword.m exploit + kernel R/W + proc walk + process dump + PT walk
Peepo Watch App/darksword.h public API (darksword_run, peepo_list_processes, peepo_dump_process, peepo_last_dump_path, …)
Peepo Watch App/ContentView.swift UI: home, console, PROCESS DUMP, process list, hex viewer, list/delete dumps, build tag
Peepo Watch App/ConsoleView.swift / ConsoleBridge.swift / ConsoleBuffer.swift on-watch console + console_log bridge
Peepo Watch App/kern_panic.c / .h console-logging plumbing (printf → console)
Peepo Watch App/WorkoutManager.swift keeps the app alive (HealthKit workout session) during the run

Credits & shout-outs

  • opa334 and htimesnine - for the darksword kernel n-day this project is built on. None of this exists without their work.
  • tihmstar - for jelbrekTime, the Apple Watch Series 3 jailbreak, and a great reference for watchOS exploitation.